<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="zh-cn" xml:lang="zh-cn">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="配置诱饵检测">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="zh-cn_topic_0000002043400826.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="防勒索 帮助中心-Dorado V700R001C00">
<meta name="DC.Publisher" content="20241119">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="ZH-CN_TOPIC_0000002043559110">
<meta name="DC.Language" content="zh-cn">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>配置诱饵检测</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="ZH-CN_TOPIC_0000002043559110"></a><a name="ZH-CN_TOPIC_0000002043559110"></a>

<h1 class="topictitle1">配置诱饵检测</h1>
<div id="body8662426"><p id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_p1660231131116">开启诱饵检测功能，会在选定的文件系统目录下生成诱饵文件，当检测到异常时，系统对诱饵文件进行分析，确定文件系统是否受到勒索攻击或是用户误操作行为，以提升勒索病毒检测实时性，减少检测误报率。</p>
<div class="section" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_section1065318112248"><h4 class="sectiontitle">注意事项</h4><ul id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_ul63175180364"><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li9285152416365">诱饵检测功能开启会在共享目录下放置极少量诱饵文件进行勒索检测，请勿对诱饵文件进行加密、删除、修改文件后缀等异常操作，会导致误报出现。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li13301034153610">诱饵检测功能涉及扫描共享目录下文件的元数据信息。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li2317918193618">WORM功能开启后，诱饵文件可能会在共享目录下残留，WORM属于更严格的数据保护机制，开启WORM后不建议开启诱饵检测。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li7879204017820">对于处于双活AA模式的文件系统，需在主端和从端均开启诱饵检测功能。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li144981042410">对于处于双活AP模式、同步模式，或远程复制的文件系统，仅支持在主端开启诱饵检测功能。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li97191439161618">当用户消除勒索告警<strong id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_b4962219171817">0x5F025D0004</strong>后，系统会自动重新部署诱饵文件，确保诱饵文件可用。</li></ul>
</div>
<div class="section" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_section101266542134"><h4 class="sectiontitle">前提条件</h4><p id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_p582604010235">已开启实时勒索检测功能，具体操作请参见<a href="zh-cn_topic_0000002079639853.html">开启实时勒索检测</a>。</p>
</div>
<div class="section" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335597804_section15832163516466"><h4 class="sectiontitle">操作步骤</h4><ol id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335597804_ol13790921131411"><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li1060312313402"><span>登录ProtectManager。</span></li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335597804_zh-cn_topic_0000001166366216_zh-cn_topic_0000001091431193_li1570821013536"><span>在导航栏选择<span class="menucascade" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000001909017928_zh-cn_topic_0000001339006246_menucascade22354298106">“<span class="uicontrol" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000001909017928_zh-cn_topic_0000001943457061_zh-cn_topic_0000001339006246_uicontrol32351629191018">数据安全</span> &gt; <span class="uicontrol" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000001909017928_zh-cn_topic_0000001943457061_zh-cn_topic_0000001339006246_uicontrol52581631131016">防勒索</span> &gt; <span class="uicontrol" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000001909017928_zh-cn_topic_0000001943457061_zh-cn_topic_0000001339006246_uicontrol11201113716103">实时勒索检测</span>”</span>。</span></li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335597804_li146593571486"><span>选择<span class="uicontrol" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335597804_uicontrol1366015794815">“诱饵检测”</span>页签。</span></li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335597804_li5362122616287"><span>勾选需要开启诱饵检测的文件系统，单击操作列的“更多 &gt; 开启诱饵检测”。</span><p><div class="note" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_note35451819560"><img src="public_sys-resources/note_3.0-zh-cn.png"><span class="notetitle"> </span><div class="notebody"><ul id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_ul155418172920"><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li1520561932915">您也可以勾选多个需要开启诱饵检测的文件系统，单击文件系统列表上方的<span class="uicontrol" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_zh-cn_topic_0000001335629021_uicontrol187491158181618">“开启诱饵检测”</span>。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li2551812291">诱饵检测仅支持开启的文件系统数量为10个。</li></ul>
</div></div>
</p></li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li442115961920"><span>在系统弹出的“开启诱饵检测”界面设置诱饵文件更新频率，建议定期更新诱饵文件。</span><p><div class="note" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_note793415121555"><img src="public_sys-resources/note_3.0-zh-cn.png"><span class="notetitle"> </span><div class="notebody"><ul id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_ul20156301688"><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li1515640486">定期更新诱饵文件可以按照最新的文件系统信息对诱饵文件进行自适应更新，提高诱饵文件勒索检测有效性。</li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li41561406810">不更新诱饵文件则无法进行自适应更新，可能导致诱饵文件勒索检测有效性降低。</li></ul>
</div></div>
</p></li><li id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_li57011156192417"><span>单击“确定”。</span><p><div class="note" id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_note102105192519"><img src="public_sys-resources/note_3.0-zh-cn.png"><span class="notetitle"> </span><div class="notebody"><p id="ZH-CN_TOPIC_0000002043559110__zh-cn_topic_0000002019583881_zh-cn_topic_0000001943457061_p23890342514">您可以在配置诱饵检测完成后，单击对应文件系统操作列的“更多 &gt; 查看诱饵文件”，可以查看诱饵文件存放的路径、数量和名称。</p>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>父主题：</strong> <a href="zh-cn_topic_0000002043400826.html">使用实时勒索检测（适用于文件业务）</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">版权所有 &copy; 华为技术有限公司</div></body>
</html>